Arbitrary Code Execution Vulnerability in Adobe ColdFusion

Arbitrary Code Execution Vulnerability in Adobe ColdFusion

CVE-2018-4939 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

Learn more about our Web Application Penetration Testing UK.